5 research outputs found
Niekowalne ekstraktory losowości
We give an unconditional construction of a non-malleable extractor improving the solution from the recent paper "Privacy Amplification and Non-Malleable Extractors via Character Sums" by Dodis et al. (FOCS'11). There, the authors provide the first explicit example of a non-malleable extractor - a cryptographic primitive that significantly strengthens the notion of a classical randomness extractor. In order to make the extractor robust, so that it runs in polynomial time and outputs a linear number of bits, they rely on a certain conjecture on the least prime in a residue class. In this dissertation we present a modification of their construction that allows to remove that dependency and address an issue we identified in the original development. Namely, it required an additional assumption about feasibility of finding a primitive element in a finite field. As an auxiliary result, which can be of independent interest, we show an efficiently computable bijection between any order M subgroup of the multiplicative group of a finite field and a set of integers modulo M with the provision that M is a smooth number. Also, we provide a version of the baby-step giant-step method for solving multiple instances of the discrete logarithm problem in the multiplicative group of a prime field. It performs better than the generic algorithm when run on a machine without constant-time access to each memory cell, e.g., on a classical Turing machine.Rozprawa poświęcona jest analizie ekstraktorów losowości, czyli deterministycznych funkcji przekształcających niedoskonałe źródła losowości na takie, które są w statystycznym sensie bliskie rozkładom jednostajnym. Główny rezultat dysertacji stanowi bezwarunkowa i efektywna konstrukcja ekstraktora pewnego szczególnego typu, zwanego ekstraktorem niekowalnym. Jest to poprawienie wyniku z opublikowanej niedawno pracy "Privacy Amplification and Non-Malleable Extractors via Character Sums" autorstwa Dodisa i in. (FOCS'11). Podana tam konstrukcja stanowiła pierwszy jawny przykład ekstraktora niekowalnego, choć był to rezultat warunkowy, odwołujący się do pewnej hipotezy dotyczącej liczb pierwszych w postępach arytmetycznych. W rozprawie przedstawiona jest modyfikacja rozwiązania Dodisa i in., która pozwala na usunięcie tego dodatkowego założenia. Jednocześnie wskazana w dysertacji i występująca w oryginalnym rozumowaniu luka, związana z problemem wydajnego znajdowania generatora grupy multiplikatywnej w ciele skończonym, nie przenosi się na proponowaną w rozprawie konstrukcję
Separation of Reliability and Secrecy in Rate-Limited Secret-Key Generation
For a discrete or a continuous source model, we study the problem of
secret-key generation with one round of rate-limited public communication
between two legitimate users. Although we do not provide new bounds on the
wiretap secret-key (WSK) capacity for the discrete source model, we use an
alternative achievability scheme that may be useful for practical applications.
As a side result, we conveniently extend known bounds to the case of a
continuous source model. Specifically, we consider a sequential key-generation
strategy, that implements a rate-limited reconciliation step to handle
reliability, followed by a privacy amplification step performed with extractors
to handle secrecy. We prove that such a sequential strategy achieves the best
known bounds for the rate-limited WSK capacity (under the assumption of
degraded sources in the case of two-way communication). However, we show that,
unlike the case of rate-unlimited public communication, achieving the
reconciliation capacity in a sequential strategy does not necessarily lead to
achieving the best known bounds for the WSK capacity. Consequently, reliability
and secrecy can be treated successively but not independently, thereby
exhibiting a limitation of sequential strategies for rate-limited public
communication. Nevertheless, we provide scenarios for which reliability and
secrecy can be treated successively and independently, such as the two-way
rate-limited SK capacity, the one-way rate-limited WSK capacity for degraded
binary symmetric sources, and the one-way rate-limited WSK capacity for
Gaussian degraded sources.Comment: 18 pages, two-column, 9 figures, accepted to IEEE Transactions on
Information Theory; corrected typos; updated references; minor change in
titl
Non-Malleable Extractors and Codes, with their Many Tampered Extensions
Randomness extractors and error correcting codes are fundamental objects in
computer science. Recently, there have been several natural generalizations of
these objects, in the context and study of tamper resilient cryptography. These
are seeded non-malleable extractors, introduced in [DW09]; seedless
non-malleable extractors, introduced in [CG14b]; and non-malleable codes,
introduced in [DPW10].
However, explicit constructions of non-malleable extractors appear to be
hard, and the known constructions are far behind their non-tampered
counterparts.
In this paper we make progress towards solving the above problems. Our
contributions are as follows.
(1) We construct an explicit seeded non-malleable extractor for min-entropy
. This dramatically improves all previous results and gives a
simpler 2-round privacy amplification protocol with optimal entropy loss,
matching the best known result in [Li15b].
(2) We construct the first explicit non-malleable two-source extractor for
min-entropy , with output size and
error .
(3) We initiate the study of two natural generalizations of seedless
non-malleable extractors and non-malleable codes, where the sources or the
codeword may be tampered many times. We construct the first explicit
non-malleable two-source extractor with tampering degree up to
, which works for min-entropy , with
output size and error . We show that we can
efficiently sample uniformly from any pre-image. By the connection in [CG14b],
we also obtain the first explicit non-malleable codes with tampering degree
up to , relative rate , and error
.Comment: 50 pages; see paper for full abstrac
Non-Malleable Extractors with Short Seeds and Applications to Privacy Amplification
Motivated by the classical problem of privacy amplification, Dodis and Wichs (STOC ’09) introduced the notion of a non-malleable extractor, significantly strengthening the notion of a strong extractor. A non-malleable extractor is a function nmExt: {0, 1} n × {0, 1} d → {0, 1} m that takes two inputs: a weak source W and a uniform (independent) seed S, and outputs a string nmExt(W, S) that is nearly uniform given the seed S as well as the value nmExt(W, S ′) for any seed S ′ ̸ = S that may be determined as an arbitrary function of S. The first explicit construction of a non-malleable extractor was recently provided by Li, Wooley and Zuckerman (arXiv:1102.5415 ’11). Their extractor works for any weak source with min-entropy rate 1/2 + δ, where δ> 0 is an arbitrary constant, and outputs up to a linear number of bits, but suffers from two drawbacks. First, the length of its seed is linear in the length of the weak source (which leads to privacy amplification protocols with high communication complexity). Second, the construction is conditional: when outputting more than a logarithmic number of bits (as required for privacy amplification protocols) its efficiency relies on a longstanding conjecture on the distribution of prime numbers